CVE-2025-43004 MEDIUM

CVE-2025-43004: Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)

Vendor Sap_Se
Product SAP Digital Manufacturing (Production Operator Dashboard)
Weakness CWE-862 · Missing authorization
Published May 13, 2025
Last update May 13, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated